﻿/*-------------------------------------
//
//Copyright (C) 2007 开发二组 版权所有。
//
//文件名：AdminLogin.ascx.cs
//
//文件功能描述：后台用户登录控件,启用Forms验证
// 
//创建标识：2007.11.21 殷悦
//创建描述：
//------------------------------------*/
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Security;
using System.Security.Cryptography;
using System.Text;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

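/// <summary>
/// Back-office login user control. Checks the submitted credentials against the
/// staff web service and, on success, signs the user in with Forms authentication.
/// </summary>
public partial class WebUserControl2 : System.Web.UI.UserControl
{
    /// <summary>
    /// Page load handler; intentionally empty.
    /// </summary>
    /// <param name="sender">Event source.</param>
    /// <param name="e">Event data.</param>
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Validates the submitted user name and password and signs the user in.
    /// </summary>
    /// <remarks>
    /// Session values (StaffID, RoleID, Account) are written only after the account
    /// has been confirmed as enabled, so a disabled account leaves no identity data
    /// in session state that another page could mistake for a signed-in user.
    /// NOTE(review): the session identifier is not renewed here after a successful
    /// login; confirm whether session fixation is handled elsewhere in the site.
    /// </remarks>
    /// <param name="sender">Event source.</param>
    /// <param name="e">Event data.</param>
    protected void ibtnOK_Click(object sender, ImageClickEventArgs e)
    {
        string strStaffAcount = this.txtUserName.Text;
        string strPassword = this.txtPassWord.Text;

        // The staff service compares password hashes, so hash the input first.
        byte[] EncodePwd = Encoding(strPassword);

        localhost.StaffService staffService = new localhost.StaffService();
        bool result = staffService.Login(strStaffAcount, EncodePwd);

        if (!result)
        {
            // Same message for an unknown user and a wrong password, so the
            // response does not reveal which accounts exist.
            this.lblMessage.Text = " 用户名或密码不正确!";
            return;
        }

        // Credentials accepted: load the remaining details of the account.
        localhost.Staff staff = staffService.Select(strStaffAcount);
        if (staff == null)
        {
            // The record could not be loaded after Login succeeded (for example it
            // was removed in between); treat this as a failed login rather than
            // dereferencing null.
            this.lblMessage.Text = " 用户名或密码不正确!";
            return;
        }

        if (staff.Status == true)
        {
            // Populate session state only for an enabled account.
            Session["StaffID"] = staff.StaffID;
            Session["RoleID"] = staff.RoleID;
            Session["Account"] = staff.Account;

            // GetRedirectUrl reflects the ReturnUrl request parameter (or the
            // configured default page); it is used here only to decide which
            // branch to take. Ordinal comparison: this is a path, not UI text.
            string redirectUrl = FormsAuthentication.GetRedirectUrl(staff.Account, false);
            if (redirectUrl.IndexOf("default.aspx", StringComparison.Ordinal) == -1)
            {
                // The user was on the way to another page: issue the ticket and
                // send them back there.
                FormsAuthentication.RedirectFromLoginPage(staff.Account, false);
            }
            else
            {
                // The user opened the login page directly: issue the ticket and
                // go to the management page.
                FormsAuthentication.SetAuthCookie(staff.Account, false);
                Response.Redirect("Manage/Manage.aspx");
            }
        }
        else
        {
            // Correct credentials, but the account is disabled.
            this.lblMessage.Text = " 该账户被停用!";
        }
    }

    /// <summary>
    /// Computes the SHA-1 hash of the entered password.
    /// </summary>
    /// <remarks>
    /// SECURITY(review): this is an unsalted, single-round SHA-1 digest, which is not
    /// adequate for password storage. ASCIIEncoding also replaces every non-ASCII
    /// character with '?', so distinct passwords that differ only in such characters
    /// produce the same hash. Both are left unchanged here because the result must
    /// match what the staff service already stores; moving to a salted,
    /// iterated scheme (e.g. PBKDF2) needs a coordinated migration of stored hashes.
    /// </remarks>
    /// <param name="chars">The plain-text password to hash.</param>
    /// <returns>The 20-byte SHA-1 digest of the ASCII-encoded password.</returns>
    private byte[] Encoding(string chars)
    {
        byte[] bites = new ASCIIEncoding().GetBytes(chars);

        // SHA1Managed is disposable; release it as soon as the digest is computed.
        using (SHA1Managed mydata = new SHA1Managed())
        {
            return mydata.ComputeHash(bites);
        }
    }

    /// <summary>
    /// Clears what the user has typed into the user name and password boxes.
    /// </summary>
    /// <param name="sender">Event source.</param>
    /// <param name="e">Event data.</param>
    protected void IbtnCancel_Click(object sender, ImageClickEventArgs e)
    {
        this.txtUserName.Text = "";
        this.txtPassWord.Text = "";
    }
}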
